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Abstract — [j We consider the problem of secure unicast trans- 
mission between two nodes in a directed graph, where an 
adversary eavesdrops/jams a subset of nodes. This adversarial 
setting is in contrast to traditional ones where the adversary 
controls a subset of links. In particular, we study, in the main, 
the class of routing-only schemes (as opposed to those allowing 
coding inside the network). Routing-only schemes usually have 
low implementation complexity, yet a characterization of the rates 
achievable by such schemes was open prior to this work. We first 
propose an LP based solution for secure communication against 
eavesdropping, and show that it is information-theoretically rate- 
optimal among all routing-only schemes. The idea behind our 
design is to balance information flow in the network so that no 
subset of nodes observe "too much" information. Interestingly, 
we show that the rates achieved by our routing-only scheme 
are always at least as good as, and sometimes better, than 
those achieved by "nai've" network coding schemes {i.e. the rate- 
optimal scheme designed for the traditional scenario where the 
adversary controls links in a network rather than nodes.) We 
also demonstrate non-trivial network coding schemes that achieve 
rates at least as high as (and again sometimes better than) those 
achieved by our routing schemes, but leave open the question 
of characterizing the optimal rate-region of the problem under 
all possible coding schemes. We then extend these routing-only 
schemes to the adversarial node-jamming scenarios and show 
similar results. During the journey of our investigation, we also 
develop a new technique that has the potential to derive non- 
trivial bounds for general secure-communication schemes. 

I. Introduction 

The secure network coding problem, introduced by Cai and 
Yeung [1], considers communication of a secret message in 
the presence of a computationally-unlimited adversary that 
eavesdrops on a limited but unknown portion of the network. 
Most existing work in the literature concerns the multicast 
uniform link-based adversary case, where all links have equal 
capacity and the adversary can eavesdrop on a limited number 
of links. In this case, the maximum secure rate achievable 
when only the source generates randomness has a simple 
cut-set characterization UJ, and is achieved by a number of 
existing coding schemes, e.g. |2-4|. 

In this paper we consider the node-based adversary case, 
where a computationally-unlimited adversary can eavesdrop 
on a limited number of nodes. Much less is known about this 
problem. Motivated by complexity considerations, we focus on 
the class of routing-only schemes for unicast, in which only 

'The authors are Hsted in alphabetical order. 



the source performs coding while non-source nodes perform 
routing. We formulate a linear program (LP) that balances 
the amount of information flowing through any subset of 
nodes, and show that its solution, which involves only simple 
forwarding, achieves the optimal capacity within the class of 
routing-only schemes. This class includes schemes involving 
replication (transmitting multiple copies of a received packet); 
our result shows that such replication does not improve rate. 
We further show that our LP-based routing-only schemes 
achieve rates that are always at least and sometimes higher 
than rates achieved by naive application of secure network 
coding schemes designed for the uniform hnk-adversary case. 
Related work by Cui et al. fSl considers the link-based 
secrecy problem with unequal link capacities and/or restricted 
eavesdropping sets, and give some achievable coding schemes 
where random keys may be injected or canceled at interme- 
diate nodes. We apply these approaches to the node-based 
eavesdropping problem and show that they can sometimes 
achieve higher rates than our routing-only schemes, though 
at the expense of higher complexity. 

We further extend our routing-only schemes to the problem 
of coding against a node-based jamming adversary that can 
introduce arbitrary errors at nodes under his control. The 
problem of network error correction coding against a jam- 
ming adversary was introduced by Yeung and Cai fF", 71. 
Like the eavesdropping problem, network error correction 
for the multicast uniform link-based adversary case has been 
extensively studied, with various existing capacity-achieving 
code constructions e.g. |7-9|, while much less is known about 
the node-based adversary case. Similarly, we show that our 
routing-only schemes, obtained using the same LP formula- 
tion, achieve rates that are never lower and sometimes higher 
compared to that achieved by naive application of network 
error correction codes designed for the uniform link-adversary 
case. However, unlike the eavesdropping case, we show that 
replication can improve rate in the jamming case. Kosut et 
al. |10| also consider node-based jamming adversaries, and 
introduce non-linear network codes called "polytope codes" in 
which intermediate nodes carry out comparison and signaling 
operations. These codes can sometimes achieve higher rates 
than routing-only schemes, but are more complex. 

One "natural" restriction we consider in the jamming sce- 
nario, in contrast to most work in the network error-correction 
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literature, is that the adversary is "causal". That is, his jam- 
ming actions cannot be based on future transmissions on the 
network. Under this reasonable assumption, we note that the 
power of the adversary is significantly weakened compared to 
the "non-causal" scenario. Specifically, we show that ideas 
in IfTTI lead to code designs in which the same rates can 
be achieved against a causal omniscient adversary (one who 
can see all causal transmissions in the network, and base his 
jamming strategy as a function of these observations), as are 
achieved by our schemes against a localized adversary (one 
who can see only see transmissions on edges incoming to 
him, and base his jamming strategy as a function of these 
observations). 

A. Notational Conventions 

Calligraphic symbols such as M will denote sets. Boldface 
symbols such as x will denote vectors, boldface upper-case 
symbols such as X will denote random variables, non-boldface 
lower-case symbols such as x will denote particular instantia- 
tions of those random variables and non-boldface upper-case 
symbols such as X will denote matrices. 

II. Model 

A. Network Model 

Let a graph Q = {y^E), where V is the vertex set, and 
8 is the edge set. There are two pre-specified nodes in V 
- specifically s denotes the source node, and t denotes the 
terminal node. For notational convenience, we denote by V 
the set of internal nodes V \ {s,t}, i.e., the subset of nodes 
of V excluding the source and terminal nodes. As is common 
in the network coding literature lfT2l . we assume each edge 
has unit capacity]^ For any nodes v let £in{v) denote the 
set of incoming edges of node v and £out {v) denote the set of 
outgoing edges of node v. We also define £in{A) and £out{A) 
be the set of incoming and outgoing edges of the nodes v € A 
respectively. For directed edge e — {v,v') G £, let head{e) 
denote the head node of the edge e, i.e., head{e) — v', and 
tail{e) denote the tail node of the edge e, i.e., tail{e) = v. The 
min-cut of the network between the source s and the terminal 
t is denoted by C. 

B. Source Encoding 

A packet is defined as a length-n vector in the field Fg. Here 
the field-size q, the number of packets in a generation N, the 
rate R, the redundancy 5, and the key rate r are code-design 
parameters to be specified later. We also define r to be the 
generation length, which satisfies N < tC, i.e., the number 
of packets in a generation is at most the generation length 
times the min-cut. A visual presentation of these parameters 
are given in Figure [T] The source s has a message M 



drawn arbitrarily from the set {1,2,, 



,9 



}, and a 



random variable key K distributed uniformly from the set 
{1,2,..., qrNn(i-S)y -pjjg source s then encodes the message 

^In the node-adversary case this unit-capacity assumption is without loss 
of generality (not so in the case when the adversary controls edges - see, for 
instance, |5|). 
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Fig. 1 . Illustrating example for our code parameters: The source s wishes 
to transmit a messge M to the terminal t over a network Q = {€,V) with 
min-cut C (in this example C = 4), specifically the so-called "cockroach 
network" example first described in fTO|, and replicated on the upper right 
of this figure. To this end, it first organizes M into tR = 8 packets (in 
this example, the generation length t = 3, and the rate R = 8/3), each 
containing n(l — S) symbols over Fq. It then generates a uniformly random 
key K which it organizes into rr packets (in this example r = 4/3), each 
containing n(l — <5) symbols over Fq. Next, the source uses Enc to encode M 
and K into A'^ packets (in this example A'^ = 12), each containing n symbols 
over Fq . In each coding instant i within the generation of length r the source 
then injects at most C of these packets into the network (in this example 
i S {1, 2, 3}, the outputs of the encoder are denoted X(e, i), for appropriate 
e and i, and routed over the network according to the red paths denoted in 
the three figures on the right). Finally, the terminal uses Dec to decode M as 
M. The set of all node encoders, along with the decoder, together comprise 
the code C. 



M and the key K by the source encoder Enc{s), and gener- 



ates Nn symbols over F^, i.e., Enc : {1, 2, . . . , q 
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C. Linear Network Encoding 

[^Jrhere are three types of nodes in the network - "uncor- 
rupted nodes", "eavesdropping nodes", and "jamming nodes". 
Nodes in the first category are entirely honest, perform the 
encoding operations specified in this section, and do not aim to 
eavesdrop on communications. Nodes in the second category 
also perform the encoding operations specified in this section, 
but in addition attempt to eavesdrop on communication as 



specified in Section II-D la. Nodes in the third category do 
not perform the encoding operations specified in this Section 
(their "jamming" is described in Section [Tl-DI lb and 2a), and 
in addition also attempt to eavesdrop on communications. We 
shall call nodes in either of the first two categories "non- 
jamming". 

^In some models, non-linear coding outperforms linear coding 1101 . For 
complexity reasons, we restrict our attention to linear codes. 
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The random variable X(e, i) denotes the packet on edge e G 
£ at time i e {1,...,t}. For simpHcity, we sometimes omit 
the time index, and use X(e) to denote the set of all packets 
going over an edge in a generation. We also denote X(£'',i) 
to be set of packets {e E £' : X(e, i)} at time i e {1, . . . , r}, 
where £' C £. 

Each non-jamming node in the network also has an encoder 
As mentioned before, in this work we restrict the internal 
nodes in the network to "simple" operations, specifically 
causal linear operation^ over F^. That is, the packets trans- 
mitted on each outgoing edge of a node v are linear functions 
of the packets arriving on incoming edges of v. 

We distinguish two types of network encoding schemes: 
Routing schemes: In a routing scheme, the set of packets 
leaving a node v are subsets of packets incoming to that node. 
That is, any packet X(e, i) transmitted on an edge e G £out{v) 
at time i £ {1, . . . , t} equals a packet X(e', j) transmitted on 
an edge e' E £in{v) at time j < i. Note that this includes 
"replication", i.e., a node is allowed to transmit multiple copies 
of a packet it has observed. 

Coding schemes: In a coding scheme, the set of packets 
leaving a node v are linear combinations of packets incoming 
to that nod^ These linear combinations can be of two types. 
In scalar linear network coding schemes, each outgoing packet 
corresponds to a causal linear combination (over F^) of the 
packets that v has already observed. That is, for any packet 
X(e,i) with tail{e) E V, we have 

X(e,z) = ^ E /3(e',e,j)X(e',j), (D 

e' :head(e')—tail{e) 

where the linear network coding coefficients f3{e,e',j) are 
scalars from Fg. 

In vector linear network coding schemes, each symbol of 
each outgoing packet corresponds to a linear combination 
(over ¥q) of all the symbols of all the packets that v has already 
observed. That is, for any packet X(e, i) with tail{e) E V, we 
have 

X(e,^)-E E B{e',e,j)X{e',z) (2) 

j<i e' ■.head{e') — tail{e) 

where B{e',e,j) are matrices in F^' x F^'. In particular, if 
B{e',e,j) = I3{e',e,j)l, it is a scalar linear network coding 
scheme|3 

"^In most of the network coding literature, we do not explicitly worry 
about causality, since a "limited" amount of non-causality can be simulated 
by pipelining (buffering at each node). However, in adversarial jamming 
problems the throughout against a causal adversary can be higher than 
against a noncausal adversary. In this work, this is indeed the case 
in the Omniscient Jammer model. Hence we explicitly focus on causal 
adversaries. 

^In this model we disallow the possibility that an internal node in the 
network generates private randomness, and uses this to generate outgoing 
packets. It can be shown (see |5|, and Figure |6] in Section [VT) that in fact 
such a strategy can sometimes increase the throughput of networks. 

^Vector linear network coding schemes are more general than scalar linear 
network coding schemes - see 1 1 3 1 . In general, all the achievability schemes 
we present in this paper are based on scalar linear network coding schemes. 
However, some of the non-achievability results we present work even for 
vector linear network coding schemes. 



For both these types of codes, the choice of coding coeffi- 
cients is part of the code design, and is explicitly specified 
later in the various schemes we construct. In general they 
may be chosen either deterministically (as a function of Q) or 
randoml}]^ We define the network code C to be a triple that 
contains source encoder Enc{s), intermediate node encoders 
Enc{v) for all w G V and terminal decoder Dec{t). That is, 
C = {Enc{s), Enc{V), Dec{t)) - here Enc(y) is Enc{v) 
where v E V. 

D. Adversarial Models and Corresponding Communication 
Goals 

We focus on two broad classes of adversarial models - 
localized and omniscient adversaries, and their coiTespond- 
ing communication goals. Localized adversaries are usually 
considered as the adversaries in the wired model, omniscient 
adversaries are usually considered as the adversaries in the 
wireless model. 

1) Localized Adversaries: An adversary is said be to localized 
if it only has a casual "localized" view of network traffic, 
depending on the nodes in Z it controls. That is, a localized 
adversary that observes Z can observe the packets incoming 
to the set of nodes Z. Its "attack strategy" can be a causal 
function of these observations (and also its knowledge of Q 
and C, and the terminal's decoding function, as defined below). 

We consider three types of communication problems against 
localized adversaries: 

a) Eavesdropping: The set of nodes eavesdropped by the 
adversary Ze is a set of at most ze nodes in V, chosen by the 
adversary as a function of his knowledge of Q and C, prior to 
communication starting. That is, Ze C V : t/ x C — >■ 'Pz£;(V), 
where Pzb(V') denotes the set of all subsets of V of size 
less than or equal to ze- Given this choice, at time i the 
adversary observes packets 'K.{£in{ZE), j) with j < i, the 
information on edges incoming to nodes in Ze at time j < i. 
Given these packets, the adversary's estimate M of M is 
allowed to be an arbitrary (possibly probabilistic) function of 
the packets he observes, the network Q, and the network code 
C. Adversarial Communication Goals Against a Localized 
Eavesdropper: Prior to the communication commencing, both 
M and K are known only to the source s itself, and not to any 
other party, s wishes to transmit the message M to t over the 
network Q, such that the secrecy and decodability requkements 
described in Q and Q in |II-E| below are satisfied. 

b) Jamming: The set of nodes jammed by the adversary Zj 
is a set of at most zj nodes in V. Given this choice, at time 
i the adversary can access X(£,j„(Zj), j) with j < i. Given 
the network Q and the network code C, he then coiTupts the 
information of the outgoing links of Zj, that he replaces 

by X{£out(Zj),i) for all z E {!,... ,r}. The 
adversary's transmissions X(e, i) on edges e outgoing from 
nodes in Zj are allowed to be arbitrary (possibly probabilistic) 
casual functions of the packets he observes, the network Q, 
and the network code C. 

'Each node chooses its linear network coding coefficients uniformly at 
random over ¥q, for instance 1 14|. 
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Adversarial Communication Goals Against a Localized Jam- 
mer: In this scenario, s wishes to transmit the message M to 
t over the network Q, such that the decodabihty requirement 
described in ([3| is satisfied. 

c) Eavesdropping and Jamming: The set of nodes eaves- 
dropped and jammed by the adversary Z is a set of at 
most z nodes in V. Given the network Q and the network 
code C, he corrupts the information of the outgoing Hnks 
of Z which is the same as the Localized Jamming case. 
Furthermore, the source s also wishes the message is secure 
to the adversarial nodes Z which has the same setting as the 
Localized Eavesdropping case. 

Adversarial Communication Goals Against a Localized Eaves- 
dropper/Jammer: s wishes to transmit the message M to t 
over the network Q, such that the secrecy and decodability 
requirements described in ^ and Q in II-E 



are satisfied. 



2) Causal Omniscient Adversaries: An adversary is said to 
be causal omniscient if it has a "global but causal" view of 
the network traffic. That is, a causal omniscient adversary 
that observes all the information X(e, i) transmitted over every 
edge e and all time i, though its jamming can only be a causal 
function in ij^ Its "attack strategy" can be a causal function 
of these observations (and also its knowledge of Q and C). 
a) Jamming: Given the information transmitting over the 
network Q, at time i the adversary can access X(e,j) with 
e € £ and j < i. The set of nodes jammed by the adversary Z 
is a set of at most zj nodes in V. Given this and the network 
Q, the network code C, he then corrupts the information of 
the outgoing links of Z, that is, replace X(fo«t('Z), i) by 
X(fo„t(Z),i). 

Adversarial Communication Goals Against a Omniscient Jam- 
mer: In this case, s wishes to transmit the message M to t 
over the network Q, such that the decodability requirement 
described in ([3]l is satisfied. 

E. Terminal Decoding 

In each of the four adversarial models above, the communi- 
cation goals always include the "decodability" condition. Only 
the Localized Eavesdropping and Localized Eavesdropping 
and Jamming models also include the "secrecy" condition. 
The former is defined in[T] and the latter is defined in|2]below. 

1) Decodability: We define the decoding function of termi- 



nal t to be Dec, where Dec : {1,2, ... ,q 



{R+r)Nn 



{1,2, 



} 



}. Let M = Dec{Enc(M)) be the 



message that the terminal t decodes. The terminal t is 
required to be able to decode the original message M 
with arbitrarily high probability. That is, we need 



Pr (M 7^ M) < ei. 



(3) 



for arbitrarily small ci. 
2) Secrecy: The source s transmits the message M with 
A-securely to the terminal t. That is, we require the 

*In fact, a secrecy constraint does not make sense in the case of omniscient 
adversaries, since adversaries by definition know all transmissions in tlie entire 
network. 



mutual information between the source's message and 
the adversary's estimate of it to be "small", that is, 

/(M;X(£,„(Z£)))< AQ (4) 

In particular, if A = 0, we say the message M is 
perfectly secure. 

The overall probability of erro^^ Pre of a transmission 
scheme can be separated into two parts. The probability of 
decoding error and the probability of leakage. The probability 
of decoding error, denoted by ei, is Pr^,c(M ^ M). The 
probability of leakage error, denoted by €2, is defined as 
Pr^^c(/(M;X(£:„,(Z)))> A). 

F. Code Parameters 

The rate R — log^ |A^| is achievable if for any e > 0, 
there exists S > such that there is a coding scheme with 
rate at least R — S with the overall probability of error ~ 
Pr^,c(M ^ M) +Pr^,c(/(M;X(£:„(Z))) > A) < e for 
large enough nN and q. 

III. Preliminaries 
A. Routing Linear Program 

We first introduce the linear program that gives us a baseline 
routing scheme for each of the four models above. 

Let V be the set of all paths from s to t. For path p E V, 
a natural internal variable in the Linear Program 1 (defined 
in Equations (|5]l - is the flow through path p, denoted by 
F{p). 

Linear Program 1 

= max ^^P) " ^(^)' (5) 

" (6) 



subject to Ve € f , F{p) < 1 

E 

p:\pr\Z\>0 



VZ C V,|Z| < z, 



F[p) < A(z). 



(7) 



In LPl, the maximum value of the objective function in ^ 
is denoted by F{z). Equation (|6]l says that the flows passing 
through a link are bounded by its capacity (which equals 1). 
Equation (|7| bounds the flow through any set of nodes with 
|Z| < z. This flow is bounded from above by A(z) - the LP 
attempts to ensure that not too much flow passes through any 
set of z nodes, while simultaneously maximizing the overall 
flow. Here, A(z) is also a variable of LPL The choice of rate 
R and key-rate r for each of our routing scheme depends 
critically on A(z). 



Intuitively, this inequality means that the communication scheme leaks at 
most A units of information. 

'"These definitions are for maximal probability of error (over all messages 
M) and hence also work averaged over M. The converses we prove also 
work averaged over M, and hence are also true for the worst-case M. 
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Lemma 1. If the optimal solution for LP 1 with X]pg-p -^(p) < 
C. Then, there is another optimal solution satisfies 

Proof Suppose the optimal solution of LPl is ((Vp G 
V, Fo(p)), Aq) such that the sum of all flows J2pev ^o{p) < 
C and let Fq = J^pev -^o{p)- So, the optimal objective 
function is Fq — Xq. Note that in this network, we can still 
inject Fin = C — Fq fraction of flows into the network since 
the sum of all flows Fq < C. Then, we have the sum of all 
flows J^pev -^'(p) ~ ^- Denote the increment of Aq after the 
injection of Fin to be Ai„, we have Ai„ < Fin- Also, we have 
VZ C V, Y.p:p3vi,iez P'iP) < -^0 + Xin, where Aj„ < Fi„. 
This means, the increment of the flows that passing through 
Z is Xin- So, the objective function after the flow injection is 
C - (Ao + A„0 > C - (Ao + F,n) =F-Xo. Since F - Aq 
is optimal, and so as C — (Aq + A™). ■ 
By Lemma [T] LPl can be reduced into the following linear 
program. Linear Program 1' 

max C — X{z) 

subject to Ve e £, ^ F{p) < 1 

p:p3e 

VZ c V, J2 ^(p) ^ ^(^) 

p:|pn2:|>o 

pev 

Note that the size of V is exponential to the network size, that 
means, there are exponential number of variables. In order to 
reduce the complexity of solving the linear program, we then 
consider the following linear program which is equivalent to 
LPr. So, we use the standard form of linear program as max- 
flow min-cut theorem. That is, instead of using the flow on 
the paths F{p) where p E V as the variables, we use the flow 
on the edges F{e) where e G f to be the variables in the 
following linear program. 
Linear Program 2 

max C — X{z) 
subject to eV, F{e) = ^ F(e) 

e:e^£in{v) e:eGf out (^) 

VZ c V, ^(^) ^ ^(^) 

Y Fie)^ Y F{e)^C 

IV. Main Results 

We show that the adversarial nodes problem can be solved 
by routing scheme. The routing is provided by LPl'. We 
use the same encoding process as fr\\ in the localized jam- 
ming/localized eavesdropping and jamming/omniscient jam- 
ming cases. For the localized eavesdropping, we use Vander- 
monde matrix as the encoding matrix. 

Theorem \. R = C — A(z), where X{z) is obtained by 



an optimal solution from LPl ', is achievable for localized 
eavesdropping. 

We show that the achievable scheme for localized eaves- 
dropping is optimal. 

Theorem 2. The achievable scheme for localized eavesdrop- 
ping is optimal among routing schemes. 

Furthermore, we discovered the graphical properties of the 
network. The converse for localized eavesdropping against 
1 eavesdropped node can be shown by careful combine the 
information- theoretic inequalities from its graphical properties. 

Theorem 3. R = C — X{z), where X{z) is the variable of 
LPl ', is achievable for localized jamming. 

Theorem 4. R = C — 2X{z), where X{z) is the variable of 
LPl ', is achievable for localized eavesdropping and jamming. 

Theorem 5. R — C — X{z), where X{z) is the variable of 
LPl ', is achievable for omniscient jamming. 

V. Proofs 

A. Localized Eavesdropping 

Proof of Theorem^ By LPl', each path p is assigned a flow 
F{p). It is clear that F{p) is rational for any p E V since all 
the coefficients in LPl' are rational. Let t be the minimum 
positive integer such that tF{p) E Z+. One may consider the 
scaling factor is scaling the capacity of each link up to r. Or, 
one could also consider r as the time in a generation. That is, 
there are C packets transmitted at time i for ie{l,2,...,r} 
and there are TV — tC packets transmitted to terminal t in 
each section. Now, let us consider the following scheme with 
rate R = C ~ X. 

Source: Let m = (toi, . . . , mrR) be the message transmit- 
ted, and k = (fci , . . . , kr\) be the keys. The keys are uniformly 
random over Fg which is not known to the eavesdropper So, 
the messages and the keys are "embedded" and transmitted 
over the network and the eavesdropper thus is confused by 
the random keys. Let V a Vandermonde matrix with size 

X iV, be the source encoder matrix. Let x = (m k)^ and the 
information to be transmitted from s is Vx. So, each packet 
corresponds to an entry of Vx. 

Intermediate Nodes: The packets are transmitted via the 
routes given by LPl'. 

Terminal: At terminal t, the terminal t simply multiplies 
V^^ with the received information Vx. Hence, x is recovered. 

For any Z C V, the total amount of flows passing through Z 
is at most tA. There are also tA uniform random numbers that 
are not known by the eavesdropper. Thus, the eavesdropper is 
not able to get any information of the original message no 
matter which set of Z nodes he observes. Therefore, the rate 
i? = C — A is achievable by the above scheme. ■ 
Proof of Theorem [2j 

Step 1: We first show that there is a routing scheme without 
replicating that performs at least as well as any routing scheme 
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c~Tout{z) mu 


C -T,„{Z) -Tout{Z) |15| 


C-ToutiZ) liii 






if ToutiZ)<C/2 


if r„(z) + ro„t(z) <c 


if ToutiZ)<C/2 


1.2 Toy example 


2 











2.1 Routing 


= C-X{z) 


>C- X{z) 


> C-2A(z) 


> C- A(z) 






if A(z) < C/2 


if A(z) < C/2 


if A(z) < C/2 


2.2 Toy example 


8/3 


8/3 


4/3 


8/3 


3.1 Coding 


>C-X{z) |5| 


> C- A(z) 


> C- 2A(z) 


> C - A(z) 


3.2 Toy example 


3 


3 


open 


3 



Fig. 2. Here, A(z) is tlie optimal value of the variable A in LPl'. Eavesdropping: In the cockroach network that first describe in J10|, 1 eavesdropped node 
can be regarded as 2 eavesdropping links (since each node has 2 incoming links). So, the best achievable rate for this example is 2 by |r|. In our routing 
scheme, the rate R = 8/3 is achievable for the cockroach network example - see Figure ^ We Further show that the rate ij = 3 is achievable in the 
cockroach network example if smart coding is allowed - see Figure |4] A more general achievable scheme is shown in |5|. Localized Jamming: The rate for 
the cockroach network is if we use the scheme in 1 1 1 1 directly. The rate i? = 8/3 is achievable for the cockroach network - see the proof of Theorem [3] 
for the encoding process. The rate ij = 3 is achievable in the example if non-linear coding is allowed - see Figure |5] (Here the casual omniscient jamming 
has the same results as the localized jamming - see 11 IJ ). Localized Eavesdropping and Jamming: The rate for the cockroach network is if we use the 
scheme in [15] directly. The rate R = 4/3 is achievable if routing in for the cockroach network - see Remark[2]for the encoding process. The coding rate 
is not known for this case. 



with replicating^^Suppose there is a node w e V that performs 
replicating. Consider the routing scheme obtained by removing 
all but one of the replicated packets from the network (keeping 
only one of those reaching the terminal, if there is one such, 
else removing all of the packets). Under this new routing 
scheme, the information received by the terminal still enables 
it to reconstruct as well as under the previous scheme. In 
addition, removing packets from the network can only improve 
the secrecy requirement. Sequentially removing all replicated 
packets thus results in a routing-without-replicating scheme 
with performance at least as good as the original scheme. 

Next, we give a more nuanced argument to show that in 
fact, for an optimal routing scheme, even the packets leaving 
the source must be essentially (statistically) independent. Let 
pi , P2 , • ■ • , Pfc be all the paths from the source s to the terminal 
t. Let P{j) be the random variable transmitted on the path pj. 
So, for the paths 9 e, we have H (P(j),j : pj 9 e) < 1. We 
assume the secrecy /(M;P(Z)) < 62 and the probability of 
decoding error Pig = Pr^ c(M 7^ M) < ei. By the Slepian- 
Wolf Theorem lfT6ll . we can construct a new random variable 
P(j) for each path pj from the source s to the terminal t 
with certain properties. Firstly, the set {P(j)} still carries 
essentially all the information that the set or original random 
variables {P(j)} carried, and hence the terminal can still 
decode M. Second, each P{j) is a function only of P(j), and 
hence the new routing scheme divulges no more information 
to the eavesdropper than the original scheme (due to the data- 
processing inequality). Third, the individual entropies of each 
new random variable is no more than the entropy of the 
original random variable, hence the edge-capacity constraints 
are not violated by the new routing scheme. Finally, the joint 
entropy of the new random variables is essentially the same 
as the sums of their individual entropies. Specifically, for any 
e' > 0, there is a sufficiently large m (number of generations), 

"We defined replicating routing schemes as those in which an internal 
node transmits the same incoming packet at least twice on outgoing edges. 



such that 2*^^! H (p(j)) = H (P(l)"\ . . . , P(fc)") + me'. 

For each j, the specific choice of P{j) that satisfies these 
constraints simultaneously corresponds to the output of the j- 
th Slepian-Wolf source encoder operating at any rate-point on 
the sum-rate constraint of Slepian-Wolf rate-region. 

Step 2: We now use the properties of the new routing 
scheme derived in Step 1 to argue that in fact the rate specified 
by the solution of LPl is also an outer bound on the achievable 
rate for routing-only schemes. 

mR = i/(M™) (8) 

< (m'",P(Z)™) (9) 

< i/(M'"|P(Z)™) +/(m'";P(Z)™) (10) 

< H (m'"|P(Z)™) - H (m™|P(Z)'", PCZ)") 

(m™|P(Z)",P(Z)") +mei (11) 



< I{M;P{Z) \PiZy 

+1 + emR + TO A 



< H [PiZ) j + 1 + emR + niA 

= mC - mH (P{Z)^ 

—me + 1 + emR + mA 



(12) 
(13) 

(14) 



where P(Z) denotes the random variables {P(l), . . . , P(fc)}\ 
P(Z). Inequality (12i holds by Fano's inequality, and the 



last equality holds due to the "near-independence" of P(.?), 
as argued in Step 1 (the remaining steps follow from stan- 
dard information identities and inequalities). Hence R < 

But this entropy in- 



l-e 

equa! 



C-H(^P(Z)j -e'+^+A 

ity must hold for each set Z. But these, along with the 
entropy inequalities constraining the rate on each edge to be 
at most 1, match the corresponding achievable rate given by 
LPl. ■ 
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B. Alternate outer bound for z ~ 1 

We now present an alternative proof technique for the outer 
bound on the rate in the scenario when the network has just 
a single node-based eavesdropper. This technique provides 
an interesting graphical characterization of optimal routing- 
based schemes. Unfortunately this technique, as presented, 
does not extend to the case when z > 1, nor when coding 
is allowed inside the network. Nonetheless, we are hopeful 
that one or both of these limitations may be overcome if 
our techniques are combined with a more careful analysis of 
structured information inequalities, such as those presented in 
Madiman-Tetali I17i. 



Definition 1 (Node-cut). A set of nodes Af C V is called a 
node-cut if after removing the nodes in Af there does not exist 
any path from s to t in the network. 

Of particular interest are minimal node-cuts. 

Definition 2 (Minimal node-cut). A set of nodes Af C V is 
called a minimal node-cut if Af is a node-cut and no proper 
subset of Af is a node-cut. The set of all minimal node-cuts is 
denoted by Af. 

We first show the existence of a minimal node-cut satisfying 
certain properties. Specifically, we show that each node in this 
node-cut must be either capacity constrained (the flow passing 
through the node is constrained by the capacities of incoming 
outgoing edges) or secrecy constrained (the flow passing 
through the node is constrained by the requirement that there 
be no information-leakage if that node is eavesdropped on). 
Such a node-cut, combined with carefully chosen information 
inequalities, is used to obtain an information theoretic upper 
bound on the capacity of the network. The scheme in LPl 
achieves this upper bound. 

For a minimal node-cut Af we define the following sets. 

f (TV") ^ {e = (u, w) e f : u, w e TV"} 



Afx^lveAf: J2 fiP) = ^] 

I p:p3v ) 



Afc ^ {v ^ Af : V ^ Afx, ^ /(p) = 

p:p3v 

min {|{e £ EM \ |{e € £out{v) \ f (AA)}}} 

Lemma 2. For a given single-source single sink network Q, 
there exists a minimal node-cut Af such that 



Af = AfxUAfc. 



(15) 



Proof: We prove the lemma by contradiction. Assume 
there does not exists a minimal node-cut in the given network 
with property ( [T5] l. Consider the minimal node-cut Af ^ ^ : 

3e = {s,v) e £} and define the set U{Af) = {u e Af : 
u ^ Af\ U Afc}- Then there exists a node u E N such that 

u^Afx^Afc- 

Now consider the set tail{£out{l^))^Af\l^ and choose any 
minimal node-cut A/"' C tail{£outipl))^Af\l^ ■ By assumption. 



there must exist some non-empty set U{Af') = {u G Af' : u ^ 
Af'^ UTV^}. Repeat the process of finding new minimal node- 
cut until we find a node w in a new node-cut Af" such that 
there exist edge (w, t) and w ^ Af'^ U Af^,. 



Note that the above process reveals existence of a path p : 
s,v, . . . ,w,t such that f{p) < 1, which implies J^pev fip) < 



C, which is a contradiction. 



Alternative proof of the outer bound. By Lemma [2] let Af be 
the node-cut we consider in the network Q. Note that for any 
node V E Af, we have the following sequence of inequalities: 

R = H{M) (16) 

< H(M\X{£,,,{Af)\£{Af))) 

+/(M;X(£,„(A/-)\£:(AA)) (17) 
= /(M;X(£„,(AA)\£:(A^)) (18) 
= / (M; X(£,;„(AA \ {v}) \ £(AA)|X(£„(«) \ f (A/-))) 

+i(M;X{£M\£W)) (19) 

< H (x(f,„(AA\ {f}) \ £{J^)\X{£Uv) \ £W)) 

(20) 

= i/(x(£,„(A/-)\£:(AA))) 

-H(x{£,r.{v)\£{J^))) (21) 

Here ([TSj follows from the requirement that the message M 
be decodable from the network transmissions, ( |20l ) from the 
requirement that there be no information leakage, and the 
remaining are standard information identities and inequalities. 



Summing up the above inequalities for every v E Afx, we have 
|A6,|i? < \J^x\H(x{£Uf^)\£{f^))) 

- ^ if(x(£:„(i;)\£(A^))) (22) 

Note that 

^ H(xi£M\£m] 



H(x{£Uv)\£m 



veNc 



> H 



(X{£U^)\£{U)) 



(23) 



So, we have 



Wx\R < \^f^\H (x{£U^f)\£i^f))) 

- H[M£^n{v)\£{m) (24) 



< 



(|AAA|-l)i/(x(£„,(AA)\£(AA))) 

+ ^^{M£^n{v)\£{^f))) (25) 



- ^ |x(f,„(z;)\£:(AA)) 



(26) 



Therefore, 



i? < 1 



c- 



Note that 



Y \M£^n{v)\£m)\ (27) 

equivalent to |A/a|'^ + 
> C. Hence, i? < C - A 



can be verified by putting ( [231 ) into ( [27] i. 

C. Localized Jamming 

Proof of Theorem |5] 

We use the same achievable scheme as ifTTl for the localized 
jamming scenario. Roughly speaking, each packet contains 3 
parts in this achievable scheme. That is, information about the 
message, a seed of hash function, and the value of the hash. 

Source: First, the source s fixes a number R' ~ 
[(l — ^^-^) {N — tX)\. Let the source encoder matrix be a 
Vandermonde matrix V with size (n — — l)iV x nR' . Let 
X be the vector of the original message. The vector x is of 
dimension nR! . There are r timeslots in one section, where 
T is the minimum positive integer such that tF{p) E Z+. In 
each section, the source s is transmitting N — tC packets 
to the terminal t. More precisely, C packets are transmitted 
to the terminal t at time i E {1,2,. ..,r}. Let us denote 
pi,P2, ■ ■ ■ , pn be the packets that the source s transmits to the 
terminal t. We also denote the corresponding encoding matrix 
for the packet pj to be Y{pj). The size of the matrix V(pj) 
equals {n ~ N ~ 1) x nR' . Also note that the concatenation 
of V(pj) for all j £ {1,2,..., TV} is exactly the encoding 
matrix V. Let p be a random number that uniformly chosen 
in ¥q. Define T{pj), U and D as follows. 



T{p,) = V(p,)x 



D = U[T(pi) T{p2) ... T{p 



N) 



(28) 
(29) 
(30) 



Where T{pj) is the vector that contains the information about 
the message, U is the hash function with respect to p, and D 
is the value of the hash. So, T{pj) is the column vector of 
size n — iV — 1, D is a row vector of size N. Let the whole 
packet pj to be [T{pj) D p]. Clearly, the packet size is n, and 




Fig. 3. An example that shows that higher rates may be achievable in 
the Causal Omniscient Jamming model than are achievable Localized 
Eavesdropping model. This is contrary to the behavior one sees in the link- 
adversary case - see, for instance, |18|, and is thus somewhat surprising. 
The example requires nodes inside the network to perform replication - as 
shown in the characterization of the capacity of the Localized Eavesdropping 
model, in-network replication does not help improve the rate. Suppose one of 
the nodes in the network is a causal omniscient jammer. Further suppose that 
the source s uses the same encoding as Theorem|3] The nodes in the first layer 
replicate the packets and send out identical copies on each outgoing link. So, 
each node in the second layer receives the same set of packets, and each then 
forwards their outgoing packets. If one of the nodes from the second layer 
is jammed, terminal t can decode correctly without any rate loss by majority 
decoding. So, the optimal adversarial strategy is to jam a node in the first 
layer. Therefore, a rate i? = 5 is achievable. However, solving LPl shows us 
that the optimal rate achievable in the Localized Eavesdropping model is 4. 



the last symbol of the packets p is the seed of the hash. 

Intermediate Nodes: The packets pj are transmitted from 
the source s to the terminal t follows the corresponding paths. 
That is, intermediate nodes v E V preform routing (not 
replicating) that is given by LPl'. 

Terminal: At terminal t, the decoding procedure is the 
following. Let the terminal receives [T{pj) D p] for j E 
{1, 2, . . . , iV}. The terminal t first determines [D' p'] by 
choosing the majority of received packets in a section. Since 
p' is now fixed, we have U' is also fixed. Then, the terminal t 
checks whether \J'T{pj) equals the j-th symbol of D' . Denote 
this set of packets to be Vd- 

Next, the terminal t concatenates the matrices V(pj) for 
Pj E Vd into a matrix, denoted by V/j. Note that 

T 



(T(K)T(pi) ... 



\-Pd\- 



Vi5X 



(31) 



where p' corresponds to the packets in Vd- So, x can be 
founded by inverting the matrix V^i. The probability of 
decoding error equals 1 — nN2^™ is shown in im . where 
TO is the field size parameter. ■ 

Remark 1. If nodes in V are not allowed to replicate incoming 
packets to outgoing Unks, the achievable rate is indeed optimal 

- see (TT\. If nodes in V are allowed to replicate incoming 
packets to outgoing links, the achievable rate can be improved 

- see Figure |3] 

Remark 2. For the proof of Theorem |4] the only difference 
between the proof of Theorem|3]is that x = (m k) where m is 
the message with size nR" in which R" ~ [(l — ^^:^) (N — 
2tX)\ and k is the key with size - rAJ. 

Remark 3. The proof of Theorem [5] is the same as the proof 
of Theorem [3] 
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Fig. 4. An example, for the cockroach network, of a "careful coding" scheme 
that beats any routing scheme in the Localized Eavesdropping model. It can 
be verified by solving Linear Program 1 that the routing-only rate equals 
8/3. However, it can be verified that in the scenario that 2 = 1, i.e., at most 
one node is eavesdropped on, the scheme outlined in this figure ensures that 
a rate R of 3 is perfectly securely achievable. 



1 




Fig. 5. An example demonstrating that allowing coding operations inside the 
network can in general leads to capacities that are greater than are possible 
by the routing-only schemes we present in this work. Specifically, suppose 
the cockroach network was augmented by a link with "small" capacity to 
each of nodes 4 and 5. In this case, as in 1 11 1 the (honest) source can send 
check-sums of the packets that should have reached each of nodes 4 and 5 
via other routes in previous generations - if these do not match the packets 
actually received by those nodes, they can discard these packets and forward 
the "useful" packets, leading to an achievable rate of 3. In contrast, our routing 
schemes can achieve a rate of at most 8/3 + e. 



D. Encoding Complexity versus Rate-optimal Loss 

Note that the size of encoding matrix is determined by = 
tC. Since r is the parameter determined by LPT, the encoding 
complexity is large when r is also large. In this section, we 
will give the rate loss when we fix r. 

Lemma 3. For t' fixed, denote the corresponding rate to be 
R'. We have i? - i?/ < J^. 

Proof: Solving the bf Linear Program 2 of network Q 
gives us the flow value F{e) on each link e E £. Reduce 
the network Q by setting each link to be capacity F{e) and 
multiply t' to each link of the network Q. So, each link has 
capacity equals to T'F{e), denote this scaled network to be 
Q'. Denote the network Q" to be the quantization on each link 
e to be integer value, i.e., taking [T'F(e)J. So, the capacity 
on each link e is reduced by a value at most 1. Therefore, 
the capacity of the network Q" is reduced at most \£\ from 
the network Q'. Therefore, the capacity of the network Q by 
fixing r' reduced is at most -^j-. Hence, i? — i?' < ■ 

O T T 



ki k2 




Fig. 6. An example demonstrating that in some scenarios, if nodes inside 
the network are allowed to inject randomness, higher rates can be achieved 
than if this is not allowed (this observation was previously made in L5J - we 
repeat it here with a simpler example). 



VI. Beyond routing 

In this Section we demonstrate that carefully chosen net- 
work codes can indeed outperform many of the routing-only 
schemes presented as some of the main results of this work. 
However, the complexity of designing and implementing these 
schemes is in general much higher than that of the routing 
schemes we focus on. Also, a complete characterization the 
optimal throughout of such schemes is still open, and is thus, 
in the main, left open in this work. 
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